path: root/recipes-security/samhain/files/samhain-samhainrc.patch
blob: 145700a0e64d9038d730d307ca5364c896de36fe (plain)
commit 4c6658441eb3ffc4e51ed70f78cbdab046957580
Author: Aws Ismail <aws.ismail@windriver.com>
Date:   Fri Jun 22 16:38:20 2012 -0400

Make samhainrc OE-friendly.

Patch the samhainrc that will be installed
as part of the 'make install' step to more
accurately reflect what will be found, and
what will be of concern, on an OE install.
    
Upstream-Status: Inappropriate [configuration]

Signed-off-by: Aws Ismail <aws.ismail@windriver.com>

diff --git a/samhainrc.linux b/samhainrc.linux
index 9bc5ca4..10a8176 100644
--- a/samhainrc.linux
+++ b/samhainrc.linux
@@ -74,7 +74,6 @@ dir = 0/
 [Attributes]
 file = /tmp
 file = /dev
-file = /media
 file = /proc
 file = /sys
 
@@ -93,19 +92,10 @@ dir = 99/etc
 ## check permission and ownership
 ##
 file = /etc/mtab
+file = /etc/fstab
 file = /etc/adjtime
 file = /etc/motd
-file = /etc/lvm/.cache
-
-# On Ubuntu, these are in /var/lib rather than /etc
-file = /etc/cups/certs
-file = /etc/cups/certs/0
-
-# managed by fstab-sync on Fedora Core
-file = /etc/fstab
-
-# modified when booting 
-file = /etc/sysconfig/hwconf
+file = /etc/lvm/lvm.conf
 
 # There are files in /etc that might change, thus changing the directory
 # timestamps. Put it here as 'file', and in the ReadOnly section as 'dir'.
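Review bot: `file = /etc/fstab` and the new `file = /etc/lvm/lvm.conf` sit under the "check permission and ownership" comment, so by that comment only their attributes are compared and an edit to their contents (mount options, LVM device filters) would not be reported. The removed line justified this for fstab with `# managed by fstab-sync on Fedora Core`; that reason no longer applies, and the patch gives none for lvm.conf. If neither file is rewritten at run time on the target, drop both lines so they fall under the policy that covers `dir = 99/etc`. Otherwise keep them with a comment naming what rewrites them, e.g. `# rewritten at boot by <tool>; content not checked`. The section header for this list is outside the hunk.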
@@ -147,10 +137,6 @@ dir = 99/dev
 ##
 dir = -1/dev/pts
 
-# dir = -1/dev/.udevdb
-
-file = /dev/ppp
-
 #
 # --------- /usr -----------
 #
@@ -167,50 +153,21 @@ dir = 99/var
 
 [IgnoreAll]
 dir = -1/var/cache
-dir = -1/var/backups
-dir = -1/var/games
-dir = -1/var/gdm
 dir = -1/var/lock
 dir = -1/var/mail
 dir = -1/var/run
 dir = -1/var/spool
 dir = -1/var/tmp
-dir = -1/var/lib/texmf
-dir = -1/var/lib/scrollkeeper
 
 
 [Attributes]
 
-dir = /var/lib/nfs
-dir = /var/lib/pcmcia
-
 # /var/lib/rpm changes if packets are installed;
 # /var/lib/rpm/__db.00[123] even more frequently
 file = /var/lib/rpm/__db.00?
 
-file = /var/lib/acpi-support/vbestate
-file = /var/lib/alsa/asound.state
-file = /var/lib/apt/lists/lock
-file = /var/lib/apt/lists/partial
-file = /var/lib/cups/certs
-file = /var/lib/cups/certs/0
-file = /var/lib/dpkg/lock
-file = /var/lib/gdm
-file = /var/lib/gdm/.cookie
-file = /var/lib/gdm/.gdmfifo
-file = /var/lib/gdm/:0.Xauth
-file = /var/lib/gdm/:0.Xservers
-file = /var/lib/logrotate/status
-file = /var/lib/mysql
-file = /var/lib/mysql/ib_logfile0
-file = /var/lib/mysql/ibdata1
-file = /var/lib/slocate
-file = /var/lib/slocate/slocate.db
-file = /var/lib/slocate/slocate.db.tmp
-file = /var/lib/urandom
-file = /var/lib/urandom/random-seed
+file = /var/lib/logrotate.status
 file = /var/lib/random-seed
-file = /var/lib/xkb
 
 
 [GrowingLogFiles]
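Review bot: The slocate entries are removed from `[Attributes]` here, but `IgnoreMissing = /var/lib/slocate/slocate.db.tmp` stays in the file; it is the context line in the headers of the next two hunks, and no hunk removes it. With the path no longer watched, that line is a stale exception and should be deleted in the same patch, so the installed policy names only paths that exist on the target. The retained `file = /var/lib/rpm/__db.00?` entry and its comment presumably apply only to images that use rpm; a short comment saying so would help whoever tunes this file for other package managers.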
@@ -325,7 +282,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp
 
 ## Console
 ##
-# PrintSeverity=info
+PrintSeverity=warn
 
 ## Logfile
 ##
@@ -333,7 +290,7 @@ IgnoreMissing = /var/lib/slocate/slocate.db.tmp
 
 ## Syslog
 ##
-# SyslogSeverity=none
+SyslogSeverity=info
 
 ## Remote server (yule)
 ##
@@ -556,7 +513,8 @@ ChecksumTest=check
 ## and I/O limit (kilobytes per second; 0 == off)
 ## to reduce load on host.
 #
-# SetNiceLevel = 0
+# By default we configure samhain to be nice with everything else on the system
+SetNiceLevel = 10
 # SetIOLimit = 0
 
 ## The version string to embed in file signature databases
@@ -565,13 +523,14 @@ ChecksumTest=check
 
 ## Interval between time stamp messages
 #
-# SetLoopTime = 60
-SetLoopTime = 600
+# Log a timestamp every hour
+SetLoopTime = 3600
 
 ## Interval between file checks 
 #
 # SetFileCheckTime = 600
-SetFileCheckTime = 7200
+# One file system check per day
+SetFileCheckTime = 86400
 
 ## Alternative: crontab-like schedule
 #
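Review bot: `SetFileCheckTime = 86400` lengthens the gap between integrity checks from two hours to a day. A file changed and restored between two runs is never reported, and a lasting change can go unreported for up to 24 hours. The added comment should state that trade-off rather than only restate the value, e.g. `# One file system check per day to limit load; lower this where faster detection matters`. `SetLoopTime = 3600` likewise means that a missing hourly timestamp is the earliest sign that the daemon has stopped, which is worth stating in its comment. The context line `## Alternative: crontab-like schedule` suggests a fixed-time schedule is available as an alternative, but that option is outside the hunk.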